The Importance of System Availability in Corporate Critical Infrastructure Protection

2. INDEX
1. Asymmetric Warfare e.g. Unrestricted Warfare
2. Definition of Critical Infrastructure
3. A Network of Interconnected Macro Systems
4. Implications & Complications
5. Threat Exposition
6. Threat Scenario – Cyber Attacks
7. Threat Scenario – Cyber Attackers
8. Threat Scenario – Context
9. Defense Strategies – Risk Management
10. Defense Strategies – Resistance and Resilience
11. Resilience, Redundancy and Attack Resistance
12. An Efficient Solution

3. 1. Asymmetric Warfare e.g. Unrestricted Warfare
Technology
Low High
Strong
Dirty War Systemic War
Power
Mechanic War
Peace War ICT
War
Weak
We are rapidly moving towards the ICT War… High technological skills versus weak
power… In other words the epitome of THE ASYMMETRIC WAR

4. 2. Definition of Critical Infrastructure
A system that is so vital for the equilibrium of an organization that its destruction or
incapacitation could have a debilitating impact
energy
critical
communications hubs
air traffic
emergency
utilities
military
intrusion
public
transport
banks and financial
telecommunication systems
s
During the last decades, critical infrastructures have increased their dependence on ICT

5. 3. A network of Interconnected Macro Systems
Each system is composed of different layers:
•Physical
•Digital-cyber
•Operative
CI 2
•Strategic-organizational
CI 1
CI 4
CI 3
Interconnection and Interdependency are essential features of macro systems

6. 4. Implications & Complications
Fading borders Complexity Interconnection
Cascade effects Unpredictability
Different layers
Different modelization

7. 5. Threat Exposition
Speeding up of internal processes + Growing demand for interactivity
= Great number of access points and doors to critical infrastructures
A long term approach is needed when dealing with Critical Infrastructure Protection

8. 6. Threat Scenario – Cyber Attacks
Cyber attacks are the main threat against critical systems due to their increased dependence
upon information technology

9. 7. Threat Scenario – Cyber Attackers
It is vital to identify the motives behind cyber attackers
Monetary gain is the key motivator

10. 8. Threat Scenario - Context
Common attacks exploit systems’ vulnerabilities at the interconnection and interdependence
layer

11. 9. Defense Strategies – Risk Management
Risk Management applied to the protection of Critical Infrastructures is affected by a high
degree of uncertainty deriving from:
complexity
low predictability
incessant technological change

12. 10. Defense Strategies – Resistance and Resilience
Resistance is futile when dealing with highly unpredictable risks
Resilience, or the ability to recover from unexpected events, can be the appropriate strategy

13. 11. Resilience, Redundancy and Attack Resistance
Redundancy is a typical resilience strategy for highly unpredictable systems
Redundancy = Less Efficiency and Greater Complexity

14. 12. An Efficient Solution
“Structural sink” at the hub level
Shared backup facilities
Higher Dinamicity
Separation between Cyber and
Strategic layers
Lower Costs

15. Questions? ¿Preguntas?
English/French Spanish
Ερωτήσεις? вопросы?
Greek Russian
Domande?
Perguntas? Italian Fragen?
Portuguese German
َ
‫أ‬ ََِ Fabio Ghioni Sindarin
Arabic fabio.ghioni@telecomitalia.it
tupoQghachmey Japanese
Klingon